Token-based authentication is not required to access the status API. You can choose to authenticate requests by using certificates, or you can access the API without authentication via HTTP.
/etc/puppetlabs/console-services/rbac-certificate-allowlist. The certificate allowlist is a simple, flat file consisting of certnames that match the host, for example:
node1.example node2.example node3.example
sudo service pe-console-services reload) for your changes to take effect.
The status API's endpoints can be served over HTTP, which does not require any authentication. This is disabled by default.